ietf-asrg

Re: [Asrg] What are the IPs that sends mail for a domain?

2009-06-23 10:03:01


--On 22 June 2009 17:53:54 -0400 Rich Kulawiec <rsk(_at_)gsp(_dot_)org> wrote:

> On Mon, Jun 22, 2009 at 02:59:01PM +0100, Ian Eiloart wrote:
>> We use IP address reputation services because there's nothing else we
>> can use, in the absence of some way to authenticate the sender address.
>> Of course, those mechanisms exist and are widely deployed but not
>> universally, or even by a majority of domains. When they become so,
>> we'll no doubt see domain based reputation services, and even address
>> based reputation services being used as much as IP address reputation
>> services are.
>
> I don't think so.  Domains and addresses are nearly-free and disposable,
> so spammers could easily render both pointless exercises whenever it
> suited them to do so.

Yes, they are. But, acquiring reputation for a domain is a different question. Sure, a new email address doesn't have a negative reputation, but it doesn't have a positive reputation either.

Mail server configurations of the future will likely reject email from addresses with negative reputations (except where whitelisted), accept email from addresses with good positive reputations (except where blacklisted), and do other stuff with addresses without reputation (including newly registered addresses, and previously unused addresses).

What will they do with the addresses without reputation scores? Well, at worst only what they do now - examine the content, check the IP address reputation, etc. But, they'll also have a host of other things they can do, including domain based whitelisting and blacklisting (pointless without authentication). And, they'll be able to - for example - rate limit mail from unusual addresses until the new addresses have acquired sufficient reputation.

And, if they do use new domains for spam, we can track them through the registrars. Unresponsive registrars will acquire poor reputation - so expect to see registrar based reputation services, too.

> Given that registrars are quite happy to continue
> selling dirt-cheap domains by the thousands to even the worst spammers
> (and registrars ARE spammers) it will always be possible for abusers to
> come up with another domain and another email address -- or another ten
> thousand of each -- whenever it suits them.  Network space is not quite
> so easy to come by, so I think we stand a better chance keeping track of
> allocations.

Yes, but what's the point? I've never had any of my users ask me to whitelist an IP address. I've had plenty ask me to whitelist domains and specific addresses. We don't do that at the moment, because a whitelist entry is simply a hole in our spam defences. Oh, and notice that it hasn't actually worked very well.

> ---Rsk
> _______________________________________________
> Asrg mailing list
> Asrg(_at_)irtf(_dot_)org
> http://www.irtf.org/mailman/listinfo/asrg



--
Ian Eiloart
IT Services, University of Sussex
01273-873148 x3148
For new support requests, see http://www.sussex.ac.uk/its/help/
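
The receiving policy sketched in this message (reject negative reputation unless whitelisted, accept positive reputation unless blacklisted, rate limit addresses with no reputation), as an added Python example that is not part of the original post or of any mail server's code. The scores, list entries, limits and the `SenderPolicy` name are assumptions, and `authenticated` stands for the result of whatever sender authentication the receiver runs.

```python
import time

# Constructed sample data; the addresses, scores and limits are assumptions.
REPUTATION = {"alice@example.org": 0.9, "bulk@example.net": -0.8,
              "offers@example.com": -0.6, "news@example.org": 0.7}
WHITELIST = {"bulk@example.net"}   # local exception to a negative score
BLACKLIST = {"news@example.org"}   # local exception to a positive score
NEW_SENDER_LIMIT = 3               # messages per window for unscored senders
WINDOW_SECONDS = 3600


class SenderPolicy:
    def __init__(self):
        self.arrivals = {}  # unscored address -> recent arrival timestamps

    def decide(self, sender, authenticated, now=None):
        """Return 'accept', 'reject', 'defer' or 'existing-checks'."""
        now = time.time() if now is None else now
        sender = sender.strip().lower()
        # An unauthenticated sender address is only a claim, so address-based
        # lists and scores are not consulted for it.
        if not authenticated:
            return "existing-checks"
        score = REPUTATION.get(sender, 0.0)
        if score < 0:
            return "accept" if sender in WHITELIST else "reject"
        if score > 0:
            return "reject" if sender in BLACKLIST else "accept"
        # No reputation yet: rate limit, then fall back to content and
        # IP-reputation checks for whatever is let through.
        recent = [t for t in self.arrivals.get(sender, [])
                  if now - t < WINDOW_SECONDS]
        if len(recent) >= NEW_SENDER_LIMIT:
            self.arrivals[sender] = recent
            return "defer"  # assumed to map to an SMTP temporary failure
        self.arrivals[sender] = recent + [now]
        return "existing-checks"


if __name__ == "__main__":
    policy = SenderPolicy()
    for addr in ("alice@example.org", "offers@example.com", "bulk@example.net"):
        print(addr, policy.decide(addr, authenticated=True))
    for i in range(5):
        print("new@example.net", policy.decide("new@example.net", True, now=i))
```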
